Bump the production-dependencies group with 6 updates

[dependabot]

Bumps the production-dependencies group with 6 updates:

Package	From	To
click	8.3.0	8.3.1
google-cloud-storage	3.4.1	3.6.0
pip-tools	7.5.1	7.5.2
pytest	8.4.2	9.0.1
ruff	0.14.3	0.14.7
sentry-sdk	2.43.0	2.46.0

Updates click from 8.3.0 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates google-cloud-storage from 3.4.1 to 3.6.0

Release notes

Sourced from google-cloud-storage's releases.

v3.6.0

3.6.0 (2025-11-17)

Features

• Add support for partial list buckets (#1606) (92fc2b0)
• Make return_partial_success and unreachable fields public for list Bucket (#1601) (323cddd)
• zb-experimental: Add async write object stream (5ab8103)
• zb-experimental: Add async write object stream (#1612) (5ab8103)

Bug Fixes

• Dont pass credentials to StorageClient (#1608) (195d644)

v3.5.0

3.5.0 (2025-11-05)

Features

• Ensure that Python in FIPS mode can fetch MD5 implementation (#1522) (961536c)
• Provide option to update user_agent (#1596) (02f1451)

Bug Fixes

• Deprecate credentials_file argument (74415a2)
• Flaky system tests for resumable_media (#1592) (7fee3dd)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Use separate header object for each upload in Transfer Manager MPU (#1595) (0d867bd)

Changelog

Sourced from google-cloud-storage's changelog.

3.6.0 (2025-11-17)

Features

• Add support for partial list buckets (#1606) (92fc2b0)
• Make return_partial_success and unreachable fields public for list Bucket (#1601) (323cddd)
• zb-experimental: Add async write object stream (5ab8103)
• zb-experimental: Add async write object stream (#1612) (5ab8103)

Bug Fixes

• Dont pass credentials to StorageClient (#1608) (195d644)

3.5.0 (2025-11-05)

Features

• experimental: Add base resumption strategy for bidi streams (#1594) (5fb85ea)
• experimental: Add checksum for bidi reads operation (#1566) (93ce515)
• experimental: Add read resumption strategy (#1599) (5d5e895)
• experimental: Handle BidiReadObjectRedirectedError for bidi reads (#1600) (71b0f8a)
• Indicate that md5 is used as a CRC (#1522) (961536c)
• Provide option to update user_agent (#1596) (02f1451)

Bug Fixes

• Deprecate credentials_file argument (74415a2)
• Flaky system tests for resumable_media (#1592) (7fee3dd)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Make download_ranges compatible with asyncio.create_task(..) (#1591) (faf8b83)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Redact sensitive data from OTEL traces and fix env var parsing (#1553) (a38ca19)
• Use separate header object for each upload in Transfer Manager MPU (#1595) (0d867bd)

Commits

• 0b70a28 chore(main): release 3.6.0 (#1603)
• 5ab8103 feat(zb-experimental): add async write object stream (#1612)
• 92fc2b0 feat: add support for partial list buckets (#1606)
• 195d644 fix: dont pass credentials to StorageClient (#1608)
• 323cddd feat: make return_partial_success and unreachable fields public for list Buck...
• c2cd474 chore(main): release 3.5.0 (#1568)
• 71b0f8a feat(experimental): Handle BidiReadObjectRedirectedError for bidi reads (#1600)
• 5d5e895 feat(experimental): Add read resumption strategy (#1599)
• 5fb85ea feat(experimental): Add base resumption strategy for bidi streams (#1594)
• 0d867bd fix: Use separate header object for each upload in Transfer Manager MPU (#1595)
• Additional commits viewable in compare view

Updates pip-tools from 7.5.1 to 7.5.2

Release notes

Sourced from pip-tools's releases.

v7.5.2

2025-11-11

Bug fixes

• Fixed pip-compile to handle relative path includes which are not subpaths of the current working directory -- by @​sirosen.

  PRs and issues: #2231, #2260

• Using --upgrade-package and dynamically building project metadata no longer causes an AttributeError when pip encounters an error during the build -- by @​Epic_Wink and @​tusharsadhwani.

  PRs and issues: #2258

Features

• Test and declare Python 3.13 support -- by @​jayaddison (for OpenCulinary).

  PRs and issues: #2251

• pip-tools is now compatible with pip 25.3 -- by @​shifqu.

  PRs and issues: #2252, #2253

Packaging updates and notes for downstreams

• pip-tools now supports installation from git archives by providing setuptools-scm with .git_archival.txt data.

  PRs and issues: #2225

Contributor-facing changes

• The change log entry bot has been explicitly configured to stop requiring news fragments in pull requests having the bot:chronographer:skip label set -- by @​sirosen and @​webknjaz.

  It was also set up to reference our change log authoring document from the GitHub Checks pages. And the reported check name is now set to Change log entry.

  PRs and issues: #2201

• The CI is now set up to invoke failed tests again with maximum level of detail -- by @​webknjaz.

  The change is aimed at helping troubleshoot failures that might be difficult to reproduce locally.

  PRs and issues: #2254

• The integration with Codecov has been updated to ensure that reports are uploaded to the service even on failures -- by @​webknjaz.

  GitHub Actions is now configured to also send an explicit notification to Codecov about the completion of previously initiated uploads.

... (truncated)

Changelog

Sourced from pip-tools's changelog.

v7.5.2

2025-11-11

Bug fixes

• Fixed pip-compile to handle relative path includes which are not subpaths of the current working directory -- by {user}sirosen.

  PRs and issues: {issue}2231, {issue}2260

• Using --upgrade-package and dynamically building project metadata no longer causes an {exc}AttributeError when pip encounters an error during the build -- by {user}Epic_Wink and {user}tusharsadhwani.

  PRs and issues: {issue}2258

Features

• Test and declare Python 3.13 support -- by {user}jayaddison (for OpenCulinary).

  PRs and issues: {issue}2251

• pip-tools is now compatible with pip 25.3 -- by {user}shifqu.

  PRs and issues: {issue}2252, {issue}2253

Packaging updates and notes for downstreams

• pip-tools now supports installation from git archives by providing setuptools-scm with .git_archival.txt data.

  PRs and issues: {issue}2225

Contributor-facing changes

• The change log entry bot has been explicitly configured to stop requiring news fragments in pull requests having the bot:chronographer:skip label set -- by {user}sirosen and {user}webknjaz.

  It was also set up to reference our change log authoring document from the GitHub Checks pages. And the reported check name is now set to Change log entry.

  PRs and issues: {issue}2201

• The CI is now set up to invoke failed tests again with maximum level of detail -- by {user}webknjaz.

... (truncated)

Commits

• eb9606f Merge pull request #2270 from sirosen/release-7.5.2
• 2cbb933 Update changelog for version 7.5.2
• d33539c Merge pull request #2253 from shifqu/fix/remove-opt-pep517
• 43e1159 Apply suggestions from code review
• b7e8f9b changelog: add news fragment for towncrier
• 88f2761 tests: lower required coverage for py38 to 98%
• 608c47b feat: add deprecation warnings in cli and sync
• 43952fc tests: ensure tox pipsupported uses pip 25.3
• bfa96b5 tests: provide minimal_wheels_path as a fixture
• 10a4b44 fix: remove deprecated options from resolver and install_requirement
• Additional commits viewable in compare view

Updates pytest from 8.4.2 to 9.0.1

Release notes

Sourced from pytest's releases.

9.0.1

pytest 9.0.1 (2025-11-12)

Bug fixes

• #13895: Restore support for skipping tests via raise unittest.SkipTest.
• #13896: The terminal progress plugin added in pytest 9.0 is now automatically disabled when iTerm2 is detected, it generated desktop notifications instead of the desired functionality.
• #13904: Fixed the TOML type of the verbosity settings in the API reference from number to string.
• #13910: Fixed UserWarning: Do not expect file_or_dir on some earlier Python 3.12 and 3.13 point versions.

Packaging updates and notes for downstreams

• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

Contributor-facing changes

• #13891, #13942: The CI/CD part of the release automation is now capable of creating GitHub Releases without having a Git checkout on disk -- by bluetech and webknjaz.
• #13933: The tox configuration has been adjusted to make sure the desired version string can be passed into its package_env through the SETUPTOOLS_SCM_PRETEND_VERSION_FOR_PYTEST environment variable as a part of the release process -- by webknjaz.

9.0.0

pytest 9.0.0 (2025-11-05)

New features

• #1367: Support for subtests has been added.

  subtests <subtests> are an alternative to parametrization, useful in situations where the parametrization values are not all known at collection time.

  Example:

  def contains_docstring(p: Path) -> bool:
      """Return True if the given Python file contains a top-level docstring."""
      ...
  def test_py_files_contain_docstring(subtests: pytest.Subtests) -> None:
  for path in Path.cwd().glob("*.py"):
  with subtests.test(path=str(path)):
  assert contains_docstring(path)

... (truncated)

Commits

• d1b64aa Prepare release version 9.0.1
• 0a497c7 regendoc: remove CI environment variables (#13950) (#13951)
• a9f7e6e 🧪 Run gh release w/o Git in CI/CD (#13942) (#13947)
• 2682a66 Merge pull request #13944 from pytest-dev/patchback/backports/9.0.x/bef7d34f1...
• a999997 Merge pull request #13941 from nicoddemus/min-pre-commit-version
• 4bd63a0 Merge pull request #13935 from pytest-dev/patchback/backports/9.0.x/ce8b8a7b4...
• 15f93b3 Merge pull request #13933 from webknjaz/maintenance/tox-pep517-env-setuptools...
• 0fa11ae Merge pull request #13927 from pytest-dev/patchback/backports/9.0.x/3d8075743...
• fa45470 Merge pull request #13926 from pytest-dev/patchback/backports/9.0.x/d587e0cf8...
• b4e3973 Merge pull request #13922 from bluetech/fix-argparse-userwarning
• Additional commits viewable in compare view

Updates ruff from 0.14.3 to 0.14.7

Release notes

Sourced from ruff's releases.

0.14.7

Release Notes

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

Install ruff 0.14.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.7/ruff-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

Contributors

• @​mikeleppane
• @​senekor
• @​ShaharNaveh
• @​JumboBear
• @​prakhar1144
• @​tsvikas
• @​danparizher
• @​chirizxc
• @​AlexWaygood
• @​MichaReiser

0.14.6

Released on 2025-11-21.

Preview features

• [flake8-bandit] Support new PySNMP API paths (S508, S509) (#21374)

Bug fixes

• Adjust own-line comment placement between branches (#21185)
• Avoid syntax error when formatting attribute expressions with outer parentheses, parenthesized value, and trailing comment on value (#20418)
• Fix panic when formatting comments in unary expressions (#21501)
• Respect fmt: skip for compound statements on a single line (#20633)
• [refurb] Fix FURB103 autofix (#21454)

... (truncated)

Commits

• ecab623 Bump 0.14.7 (#21684)
• 42f1521 [ty] Generic types aliases (implicit and PEP 613) (#21553)
• 594b7b0 [ty] Preserve quoting style when autofixing TypedDict keys (#21682)
• b5b4917 [ty] Fix override of final method summary (#21681)
• 0084e94 [ty] Fix subtyping of type[Any] / type[T] and protocols (#21678)
• 566c959 [ty] Rename ReferenceRequestHandler file (#21680)
• 8bcfc19 [ty] Implement typing.final for methods (#21646)
• c534bfa [ty] Implement patterns and typevars in the LSP (#21671)
• 5e1b2ee [ty] implement rendering of .. code:: lang in docstrings (#21665)
• 98681b9 [ty] Add db parameter to Parameters::new method (#21674)
• Additional commits viewable in compare view

Updates sentry-sdk from 2.43.0 to 2.46.0

Release notes

Sourced from sentry-sdk's releases.

2.46.0

Various fixes & improvements

• Preserve metadata on wrapped coroutines (#5105) by @​alexander-alderman-webb
• Make imports defensive to avoid ModuleNotFoundError in Pydantic AI integration (#5135) by @​alexander-alderman-webb
• Fix OpenAI agents integration mistakenly enabling itself (#5132) by @​sentrivana
• Add instrumentation to embedding functions for various backends (#5120) by @​constantinius
• Improve embeddings support for OpenAI (#5121) by @​constantinius
• Enhance input handling for embeddings in LiteLLM integration (#5127) by @​constantinius
• Expect exceptions when re-raised (#5125) by @​alexander-alderman-webb
• Remove MagicMock from mocked ModelResponse (#5126) by @​alexander-alderman-webb

2.45.0

Various fixes & improvements

• OTLPIntegration (#4877) by @​sl0thentr0py

  Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.

    import sentry_sdk
    from sentry_sdk.integrations.otlp import OTLPIntegration
  sentry_sdk.init(
  dsn="<your-dsn>",
  # Add data like inputs and responses;
  # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
  send_default_pii=True,
  integrations=[
  OTLPIntegration(),
  ],
  )

  Under the hood, this will setup:

  • A SpanExporter that will automatically set up the OTLP ingestion endpoint from your DSN
  • A Propagator that ensures Distributed Tracing works
  • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

  If you were using the SentrySpanProcessor before, we recommend migrating over to OTLPIntegration since it's a much simpler setup.

• feat(integrations): implement context management for invoke_agent spans (#5089) by @​constantinius

• feat(loguru): Capture extra (#5096) by @​sentrivana

• feat: Attach server.address to metrics (#5113) by @​alexander-alderman-webb

• fix: Cast message and detail attributes before appending exception notes (#5114) by @​alexander-alderman-webb

• fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (#5030) by @​constantinius

• fix(logs): Update sentry.origin (#5112) by @​sentrivana

• chore: Deprecate description truncation option for Redis spans (#5073) by @​alexander-alderman-webb

• chore: Deprecate max_spans LangChain parameter (#5074) by @​alexander-alderman-webb

• chore(toxgen): Check availability of pip and add detail to exceptions (#5076) by @​alexander-alderman-webb

... (truncated)

Changelog

Sourced from sentry-sdk's changelog.

2.46.0

Various fixes & improvements

• Preserve metadata on wrapped coroutines (#5105) by @​alexander-alderman-webb
• Make imports defensive to avoid ModuleNotFoundError in Pydantic AI integration (#5135) by @​alexander-alderman-webb
• Fix OpenAI agents integration mistakenly enabling itself (#5132) by @​sentrivana
• Add instrumentation to embedding functions for various backends (#5120) by @​constantinius
• Improve embeddings support for OpenAI (#5121) by @​constantinius
• Enhance input handling for embeddings in LiteLLM integration (#5127) by @​constantinius
• Expect exceptions when re-raised (#5125) by @​alexander-alderman-webb
• Remove MagicMock from mocked ModelResponse (#5126) by @​alexander-alderman-webb

2.45.0

Various fixes & improvements

• OTLPIntegration (#4877) by @​sl0thentr0py

  Enable the new OTLP integration with the code snippet below, and your OpenTelemetry instrumentation will be automatically sent to Sentry's OTLP ingestion endpoint.

    import sentry_sdk
    from sentry_sdk.integrations.otlp import OTLPIntegration
  sentry_sdk.init(
  dsn="<your-dsn>",
  # Add data like inputs and responses;
  # see https://docs.sentry.io/platforms/python/data-management/data-collected/ for more info
  send_default_pii=True,
  integrations=[
  OTLPIntegration(),
  ],
  )

  Under the hood, this will setup:

  • A SpanExporter that will automatically set up the OTLP ingestion endpoint from your DSN
  • A Propagator that ensures Distributed Tracing works
  • Trace/Span linking for all other Sentry events such as Errors, Logs, Crons and Metrics

  If you were using the SentrySpanProcessor before, we recommend migrating over to OTLPIntegration since it's a much simpler setup.

• feat(integrations): implement context management for invoke_agent spans (#5089) by @​constantinius

• feat(loguru): Capture extra (#5096) by @​sentrivana

• feat: Attach server.address to metrics (#5113) by @​alexander-alderman-webb

• fix: Cast message and detail attributes before appending exception notes (#5114) by @​alexander-alderman-webb

• fix(integrations): ensure that GEN_AI_AGENT_NAME is properly set for GEN_AI spans under an invoke_agent span (#5030) by @​constantinius

• fix(logs): Update sentry.origin (#5112) by @​sentrivana

• chore: Deprecate description truncation option for Redis spans (#5073) by @​alexander-alderman-webb

... (truncated)

Commits

• d3375bc Update CHANGELOG.md
• 23abfe2 release: 2.46.0
• ca19d63 feat: Preserve metadata on wrapped coroutines (#5105)
• cf165e3 build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#5136)
• b8d6a57 build(deps): bump actions/create-github-app-token from 2.1.4 to 2.2.0 (#5137)
• c0c28b8 build(deps): bump supercharge/redis-github-action from 1.8.0 to 1.8.1 (#5138)
• fb18c21 fix(pydantic-ai): Make imports defensive to avoid ModuleNotFoundError (#5135)
• f945e38 Fix openai-agents import (#5132)
• 8596f89 fix(integrations): enhance input handling for embeddings in LiteLLM integrati...
• 0e6e808 test(openai-agents): Remove MagicMock from mocked ModelResponse (#5126)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.